Why Android Users Need to Worry about RottenSys Adware

Hey guys! Have you heard about RottenSys? No? Don't worry, we are here to share the information. In this post we will talk about RottenSys, an Android malware/adware. Yes, you heard it right: an Android malware/adware. And this is not a minor one. RottenSys has infected nearly five million Android devices worldwide, and the most interesting point is that those five million smartphones include almost all the big and trending smartphone brands. So in this post we will talk about RottenSys, how it works, how dangerous it is, and how you can remove this malware/adware from your branded Android smartphone. Let's dive into the details.

What is RottenSys and how dangerous is it?

What is RottenSys?

The Check Point Mobile Security Team (research by Feixiang He, Bohdan Melnykov, and Elena Root) has recently discovered a new Android malware family, which they have named 'RottenSys'. They found that RottenSys is targeting nearly 5 million Android smartphone users worldwide for fraudulent ad revenue. They also found that it was initially disguised as a System Wi-Fi service, and that the malware enters the user's device before purchase.

How does RottenSys enter our Android smartphones?

RottenSys came pre-installed on millions of smartphones manufactured by trusted and popular manufacturers like Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung, and GIONEE. There are rumors and indications that RottenSys could have entered the devices earlier in the supply chain. The researchers also indicate that the attackers have been testing a new type of botnet campaign via some C&C server.

The researchers also found a connection to Tian Pai, a Hangzhou-based mobile phone supply chain distributor. It would not be fair to call Tian Pai a direct participant in the campaign, but the researchers found that Tian Pai-related channels contribute 49.2% of the total number of infected devices. Tian Pai covers regional sales of top brands in the market such as Samsung, HTC, Apple, Xiaomi, ZTE, Coolpad, Lenovo, and Huawei.

How does RottenSys work?

RottenSys comes pre-installed. It attacks in two stages and uses two evasion techniques to avoid detection by virus scanners. The first is to postpone its operation (the connection between the malicious app and the malicious activity) for a set time period.

Its second evasive tactic is that RottenSys initially contains only a dropper component. A dropper is a kind of Trojan designed to "install" some other malware (virus, backdoor, etc.) on a target system.

Once the Android smartphone is active and the dropper is installed, it contacts its Command and Control (C&C) server. From here the main game starts: the C&C server sends it a list of the additional components required for its harmful activity. These components contain the actual malicious code and are downloaded from the C&C server after the dropper receives the list.

RottenSys downloads all this malicious code silently (usually three additional components), using the DOWNLOAD_WITHOUT_NOTIFICATION permission, which does not require any user interaction.

After all the necessary components are downloaded, RottenSys uses an open-source Android application virtualization framework called 'Small', which allows all the components to run alongside each other at the same time and achieve the combined malicious functionality of an extensive rogue ad network (Guang Dian Tong (Tencent's ad platform) and the Baidu ad exchange).

How dangerous is RottenSys?

[Figure. Source: Check Point Research]

To understand the risk properly, let me explain all the related points one by one.

RottenSys came pre-installed. If you are an experienced Android user, you will probably be aware that Android's default permission control does not apply to system apps, so we can't control any of the permissions or activity of a system app. Which is really bad.

RottenSys uses evasion techniques to avoid detection by virus scanners, and it initially contains only a dropper component, which activates after a fixed time period. So it can stay hidden from our eyes, from the system monitor, and even from the data usage monitor/statistics.

The attackers have been testing a new type of botnet campaign via some C&C server, so your affected Android smartphone could be converted into part of a botnet in the near future. Now you decide who the owner is. Think again.

It holds the DOWNLOAD_WITHOUT_NOTIFICATION permission, which does not require any user interaction, so it is free to do anything, anytime, anywhere on and with your lovely Android smartphone.

It came pre-installed, meaning "in the system partition". So without proper knowledge and rooting, it is hard and sometimes impossible to completely remove/uninstall it from an Android smartphone.

All the components and extra files it downloads after activation and connecting to the server look like system apps and system packages, for example: Daily Calendar, Changmi Desktop, and System WiFi Service.

System apps can't be removed even by a factory reset, and if you remove it and then perform a factory reset, it will come back for sure.

Smartphones even from top brands in the market such as Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung, GIONEE, HTC, Apple, ZTE, Coolpad, and Lenovo are affected by this malware/adware. Here is the graph of the most targeted devices:

[Graph: most targeted devices. Source: Check Point Research]

How to find and remove RottenSys malware/adware from an Android smartphone?

If your brand-new smartphone is showing unknown ads on the home screen, your phone might be affected by RottenSys. The good news is that you can find and remove RottenSys from your Android smartphone using the following steps.

Is your phone affected by RottenSys malware/adware?

If your brand-new smartphone is showing unknown ads on the home screen, it might be affected by RottenSys. To check, go to Settings > Apps > All, open every single app, and look for these exact package names:

Package name                      App (original name)   App (translated)
com.android.yellowcalendarz       每日黄历              Daily calendar
com.changmi.launcher              畅米桌面              Changmi Desktop
com.android.services.securewifi   系统WIFI服务          System WIFI service
com.system.service.zdsgt          ——                    ——
com.zdfbqmt.app.main              ——                    ——
com.jtwmy.lib.gdt                 ——                    ——

How to remove RottenSys malware/adware from an Android smartphone?

To remove RottenSys from your smartphone, uninstall or remove the apps with the exact package names given in the list above.

First of all, go to the Android system settings.

Then tap on Apps to open the app manager, then go to All apps.

Open every single app, look for the package names given above, and uninstall them (if possible) or disable them.
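The same check and removal can be done from a computer over adb, which is handier than opening every app by hand and also works on the "Is your phone affected" step above. The POSIX shell script below is an added example written for this post; it is not Check Point's or the author's tooling. It matches `pm list packages` output against the six package names in the table, tells whether a matching package lives on a read-only system partition (the pre-installed case the post describes), checks whether a package requests the DOWNLOAD_WITHOUT_NOTIFICATION permission in `dumpsys package` output, and prints the `pm uninstall -k --user 0` / `pm disable-user` commands that remove or disable a system package for the current user without root. The device output embedded in the script is constructed, not captured from a real phone; when adb is installed and a device with USB debugging is connected, the script scans the real device instead.

```shell
#!/bin/sh
# Added example: scan a device (or constructed sample output) for the RottenSys
# package names listed above and emit the adb commands that remove or disable them.

# The six package names from the Check Point list reproduced in the table above.
ROTTENSYS_PACKAGES="com.android.yellowcalendarz
com.changmi.launcher
com.android.services.securewifi
com.system.service.zdsgt
com.zdfbqmt.app.main
com.jtwmy.lib.gdt"

# find_rottensys: reads `pm list packages` output ("package:<name>" per line) on
# stdin and prints every exact match against ROTTENSYS_PACKAGES, one per line.
# Older adb versions emit CRLF, so carriage returns are stripped first.
find_rottensys() {
    tr -d '\r' | sed -n 's/^package://p' | while IFS= read -r pkg; do
        for known in $ROTTENSYS_PACKAGES; do
            [ "$pkg" = "$known" ] && printf '%s\n' "$pkg"
        done
    done
}

# is_preinstalled: takes one `pm path <pkg>` line ("package:/system/app/x.apk")
# and succeeds when the APK sits on a read-only system partition, i.e. it shipped
# with the firmware and cannot be removed for all users without root.
is_preinstalled() {
    case "${1#package:}" in
        /system/*|/vendor/*|/product/*|/oem/*) return 0 ;;
        *) return 1 ;;
    esac
}

# requests_silent_download: reads `dumpsys package <pkg>` output on stdin and
# succeeds if the package requests DOWNLOAD_WITHOUT_NOTIFICATION, the permission
# the post says RottenSys uses to fetch its components without user interaction.
requests_silent_download() {
    grep -q 'android.permission.DOWNLOAD_WITHOUT_NOTIFICATION'
}

# removal_commands: for each package name on stdin, print the two adb commands
# that work without root: uninstall for user 0 (the system copy stays on the
# partition but disappears from the user profile), then disable as a fallback.
removal_commands() {
    while IFS= read -r pkg; do
        printf 'adb shell pm uninstall -k --user 0 %s\n' "$pkg"
        printf 'adb shell pm disable-user --user 0 %s\n' "$pkg"
    done
}

# Constructed sample of `pm list packages` output (not captured from a real
# device): two RottenSys packages mixed with ordinary ones.
SAMPLE_PM_LIST="package:com.android.settings
package:com.android.yellowcalendarz
package:com.example.photos
package:com.jtwmy.lib.gdt"

# Constructed excerpt of `dumpsys package` output for a package that requests
# the silent-download permission.
SAMPLE_DUMPSYS="  requested permissions:
      android.permission.INTERNET
      android.permission.DOWNLOAD_WITHOUT_NOTIFICATION"

# Scan a connected device when adb is available, otherwise the sample above.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    found=$(adb shell pm list packages | find_rottensys)
else
    found=$(printf '%s\n' "$SAMPLE_PM_LIST" | find_rottensys)
fi

if [ -n "$found" ]; then
    echo "RottenSys package names present:"
    printf '%s\n' "$found"
    echo "Suggested removal (no root needed):"
    printf '%s\n' "$found" | removal_commands
else
    echo "No RottenSys package names found."
fi
```

Note that `pm uninstall -k --user 0` only removes the app from the user profile; the APK stays on the system partition, which is why the post's warning that a factory reset brings it back still applies. Run `adb shell pm path <package>` and feed the line to `is_preinstalled` to confirm that a hit really is a pre-installed package rather than something installed later under the same name.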

Conclusion:

In this post, we have talked about the RottenSys malware/adware in detail: how it works, how dangerous it is, and how you can remove it from your branded Android smartphone. RottenSys is very dangerous for our privacy and for our Android smartphones, so it is important to remove it. I hope this post helps you understand the risk and gives you a proper solution for this not-so-new malware/adware. If it did, please share it with your friends using the social share buttons and share your views with us in the comment section. Thank you, and keep visiting.


About Sourabh Kumar

Sourabh Kumar is the founder of weobserved.com. He is a tech-savvy engineer, artist, and blogger living in Jaipur, India. He is a fan of photography, technology, robotics, and creative artworks, and is also interested in programming and innovation. He loves technology and gadgets and spends lots of time with them.